File _service:tar_scm:fix-CVE-2024-39133.patch of Package zziplib
From 550e30e76a550d933fe72fc14209403c48d5f5bf Mon Sep 17 00:00:00 2001 From: vlefebvre <valentin.lefebvre@suse.com> Date: Tue, 6 Aug 2024 16:01:02 +0200 Subject: [PATCH] parse_root_dir: Verify size of extra obtained Reference:https://github.com/keentux/zziplib/commit/550e30e76a550d933fe72fc14209403c48d5f5bf * Fix the issue #164 where extra_ptr could be alocated without enough bytes to check the magic value. Signed-off-by: vlefebvre <valentin.lefebvre@suse.com> --- zzip/zip.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/zzip/zip.c b/zzip/zip.c index 56b5966..d4c447e 100644 --- a/zzip/zip.c +++ b/zzip/zip.c @@ -524,7 +524,8 @@ __zzip_parse_root_directory(int fd, struct _disk_trailer* trailer, struct zzip_d hdr->d_namlen = u_namlen; /* looking for ZIP64 extras when csize on intmax */ - if (u_extras && (hdr->d_csize & 0xFFFFu == 0xFFFFu)) { + if (u_extras >= __sizeof(struct zzip_extra_zip64) && + (hdr->d_csize & 0xFFFFu == 0xFFFFu)) { DBG3("%i extras bytes (%i)", u_extras, sizeof(struct zzip_extra_zip64)); zzip_off64_t zz_extras = zz_offset + sizeof(*d) + u_namlen; zzip_byte_t* extras_ptr; -- 2.27.0
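Review bot: The second operand of the rewritten condition, (hdr->d_csize & 0xFFFFu == 0xFFFFu), is carried over unchanged and still has a C precedence problem. == binds tighter than &, so it is evaluated as hdr->d_csize & (0xFFFFu == 0xFFFFu), that is hdr->d_csize & 1, and the ZIP64 extras branch is entered for any odd compressed size instead of only when the masked bits are all set. Since this is the condition that gates the read of the extra block, it should be parenthesised as ((hdr->d_csize & 0xFFFFu) == 0xFFFFu). It is also worth checking that the 0xFFFFu mask matches the "csize on intmax" comment above it. Separately, the new length check uses __sizeof(struct zzip_extra_zip64) while the DBG3 line directly below uses plain sizeof(...). Please confirm that __sizeof is the intended macro in this file and that its result type compares correctly against u_extras, so the lower bound cannot be bypassed through a signed/unsigned conversion.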